@@ -77,7 +77,7 class MyController < ApplicationController | |||
|
77 | 77 | # Manage user's password |
|
78 | 78 | def password |
|
79 | 79 | @user = User.current |
|
80 | if @user.auth_source_id | |
|
80 | unless @user.change_password_allowed? | |
|
81 | 81 | flash[:error] = l(:notice_can_t_change_password) |
|
82 | 82 | redirect_to :action => 'account' |
|
83 | 83 | return |
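--- a/PATH_NOT_ON_PAGE_AuthSource
+++ b/PATH_NOT_ON_PAGE_AuthSource
@@ -32,6 +32,15 @@ class AuthSource < ActiveRecord::Base
 "Abstract"
 end
 
+def allow_password_changes?
+self.class.allow_password_changes?
+end
+
+# Does this auth source backend allow password changes?
+def self.allow_password_changes?
+false
+end
+
 # Try to authenticate a user not yet registered against available sources
 def self.authenticate(login, password)
 AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source|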
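Review bot: The instance-level `allow_password_changes?` has no comment, and the default of `false` on the class method deserves a sentence explaining what a subclass takes on by returning true: elsewhere in this commit `User#before_save` stops writing `hashed_password` when `auth_source_id` is set and `check_password?` delegates to the backend, so a source that answers true must also persist the new password in its own store, and nothing in this diff does that. Suggested comment above the instance method: `# Delegates to the class-level answer. A backend that returns true is expected to write the new password to its own store, since User keeps no local hash for externally authenticated users.` On the class method, `# false is the safe default for read-only directories` would make the intent explicit. The write-back contract itself is not visible on this page, so the wording should be checked against the concrete subclasses.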
@@ -71,7 +71,7 class User < Principal | |||
|
71 | 71 | |
|
72 | 72 | def before_save |
|
73 | 73 | # update hashed_password if password was set |
|
74 | self.hashed_password = User.hash_password(self.password) if self.password | |
|
74 | self.hashed_password = User.hash_password(self.password) if self.password && self.auth_source_id.blank? | |
|
75 | 75 | end |
|
76 | 76 | |
|
77 | 77 | def reload(*args) |
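Review bot: With the added `&& self.auth_source_id.blank?`, a user who is moved onto an external auth source keeps whatever `hashed_password` was stored before the move, and if `auth_source_id` is later cleared that old hash becomes a valid credential again without any password reset. Consider clearing the stale hash in the same callback, e.g. `self.hashed_password = nil if self.auth_source_id.present?` (or an empty string if the column is NOT NULL; the schema is not on the page), and extend the comment on line 73 to `# update hashed_password if password was set; externally authenticated users keep no local hash`. Whether anything else reads `hashed_password` for such users is not visible in this hunk, so check callers before clearing.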
@@ -116,7 +116,7 class User < Principal | |||
|
116 | 116 | user.language = Setting.default_language |
|
117 | 117 | if user.save |
|
118 | 118 | user.reload |
|
119 | logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger | |
|
119 | logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source | |
|
120 | 120 | end |
|
121 | 121 | end |
|
122 | 122 | end |
@@ -161,7 +161,17 class User < Principal | |||
|
161 | 161 | end |
|
162 | 162 | |
|
163 | 163 | def check_password?(clear_password) |
|
164 | User.hash_password(clear_password) == self.hashed_password | |
|
164 | if auth_source_id.present? | |
|
165 | auth_source.authenticate(self.login, clear_password) | |
|
166 | else | |
|
167 | User.hash_password(clear_password) == self.hashed_password | |
|
168 | end | |
|
169 | end | |
|
170 | ||
|
171 | # Does the backend storage allow this user to change their password? | |
|
172 | def change_password_allowed? | |
|
173 | return true if auth_source_id.blank? | |
|
174 | return auth_source.allow_password_changes? | |
|
165 | 175 | end |
|
166 | 176 | |
|
167 | 177 | # Generate and set a random password. Useful for automated user creation |
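Review bot: `check_password?` now forwards `clear_password` to `auth_source.authenticate` unchanged, so an empty or nil password reaches the external backend, whose `authenticate` is not on this page; if that backend treats a blank credential specially (an unauthenticated bind, for instance), a blank password would satisfy the check. A guard before delegating, `return false if clear_password.blank?`, keeps the predicate's answer independent of backend behaviour. The same branch dereferences `auth_source` whenever `auth_source_id.present?`, which raises NoMethodError if the referenced source row has been deleted; `auth_source && auth_source.authenticate(self.login, clear_password)` would fail closed instead. As style points, the `return` on the last line of `change_password_allowed?` is unnecessary, and the delegating branch returns whatever `authenticate` returns rather than a boolean, which a caller comparing with `== true` would misread — wrapping it as `!!auth_source.authenticate(...)` keeps the predicate contract.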
@@ -1,5 +1,5 | |||
|
1 | 1 | <div class="contextual"> |
|
2 |
<%= link_to(l(:button_change_password), :action => 'password') |
|
|
2 | <%= link_to(l(:button_change_password), :action => 'password') if @user.change_password_allowed? %> | |
|
3 | 3 | <%= call_hook(:view_my_account_contextual, :user => @user)%> |
|
4 | 4 | </div> |
|
5 | 5 | <h2><%=l(:label_my_account)%></h2> |
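--- a/PATH_NOT_ON_PAGE_UserTest
+++ b/PATH_NOT_ON_PAGE_UserTest
@@ -273,6 +273,32 @@ class UserTest < ActiveSupport::TestCase
 assert !u.password.blank?
 assert !u.password_confirmation.blank?
 end
+
+context "#change_password_allowed?" do
+should "be allowed if no auth source is set" do
+user = User.generate_with_protected!
+assert user.change_password_allowed?
+end
+
+should "delegate to the auth source" do
+user = User.generate_with_protected!
+
+allowed_auth_source = AuthSource.generate!
+def allowed_auth_source.allow_password_changes?; true; end
+
+denied_auth_source = AuthSource.generate!
+def denied_auth_source.allow_password_changes?; false; end
+
+assert user.change_password_allowed?
+
+user.auth_source = allowed_auth_source
+assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
+
+user.auth_source = denied_auth_source
+assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
+end
+
+end
 
 if Object.const_defined?(:OpenID)
 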
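Review bot: The new tests cover only `change_password_allowed?`, while the same commit also changes `User#before_save` (no local hash when `auth_source_id` is set) and `check_password?` (delegation to the auth source), which are the security-relevant paths and remain untested. Add cases in the same style that assign an auth source, set a password, save, and assert `hashed_password` was not rewritten, and that stub `authenticate` on a generated source (as `allow_password_changes?` is stubbed here) and assert `check_password?` returns the stub's answer; the password validation rules are not on the page, so the sample value below may need adjusting. The `assert user.change_password_allowed?` on line 292, before any source is assigned, repeats the first `should` and could be dropped to keep each case focused.
```ruby
# … unchanged: existing "#change_password_allowed?" context …
context "#check_password?" do
  should "not store a local hash for an externally authenticated user" do
    user = User.generate_with_protected!
    user.auth_source = AuthSource.generate!
    old_hash = user.hashed_password
    user.password = user.password_confirmation = "newpassword"   # constructed sample value
    user.save!
    assert_equal old_hash, user.reload.hashed_password
  end

  should "delegate to the auth source" do
    user = User.generate_with_protected!
    source = AuthSource.generate!
    def source.authenticate(login, password); password == "external"; end   # constructed stub
    user.auth_source = source
    assert user.check_password?("external")
    assert !user.check_password?("other")
  end
end
```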